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WHAT IS CLAIMED IS: 

1 • A management apparatus for managing a storage 

network having a computer, a storage device and a 
switch, comprising : 

a controller, an interface connected to said 
switch and an input interface to be used by an 
administrator, 

wherein when said computer or said storage 
device is connected to said switch: 

based on information of first and second 
identifiers of said computer or said storage device 
acquired via said interface from said computer or said 
storage device connected to said switch, information of 
a correspondence relation acquired from said switch via 
said interface between said second identifier of said 
computer or said storage device connected to said 
switch, and a third identifier for identifying an 
interface of said switch connected to said computer or 
said storage device, and information regarding said 
first identifier for identifying said computer or said 
storage device constituting a predetermined group 
entered by said administrator via said input interface, 
said third identifier of said switch belonging to said 
predetermined group is specified; and 

in response to inputting of information of a 
storage area of said storage device and information 
regarding said first identifier of said computer which 
can use said storage area, from said input interface, 
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the input information is sent to said storage device to 
instruct security configuration, information of said 
third identifier of said switch corresponding to said 
first identifier and information of said predetermined 
group to which said third identifier belongs is 
derived, and the derived information is sent to said 
switch to instruct configuration of a virtual LAN 
corresponding to said predetermined group. 

2. A management apparatus according to claim 1, 
wherein said first identifier is an Internet protocol 
(IP) address, said second identifier is a MAC address, 
said third identifier is a port ID, and the information 
regarding said first identifier is a subnet address . 

3. A management apparatus according to claim 2, 
wherein said MAC address is acquired by sending an ARP 
command to said computer, and the correspondence 
relation between said MAC address and said port ID is 
acquired by issuing a Get command of SNMP from said 
switch . 

4. A management apparatus according to claim 3, 
wherein connection of said computer to said switch is 
detected upon reception of an SLP packet from said 
computer connected to said switch. 

5. A management apparatus according to claim 1, 
wherein the contents of an instruction given to said 
switch is an instruction to add said third identifier 
to the virtual LAN corresponding to said predetermined 
group . 



6. A management apparatus according to claim 5, 
wherein if the virtual LAN corresponding to said 
predetermined group is not configured in said switch, 
the contents of the instruction is an instruction to 
generate a new virtual LAN corresponding to said 
predetermined group . 

7. A management apparatus according to claim 6, 
wherein when said computer or said storage device is 
disconnected from said switch, said switch is 
instructed to delete said third identifier 
corresponding to said disconnected computer or said 
disconnected storage device from the virtual LAN 
corresponding to said predetermined group to which said 
disconnected computer or said disconnected storage 
device belongs. 

8. A management apparatus according to claim 7, 
wherein if said third identifier corresponding to said 
disconnected computer or said disconnected storage 
device is deleted from said virtual LAN corresponding 
to said predetermined group and if said computer or 
said storage device belonging to said predetermined 
group is lost, said switch is instructed to delete said 
virtual LAN itself." 

9. A switch connectable to a computer and a 
storage device, comprising: 

a controller, an interface connected to said 
storage device or said computer and an input interface 
to be used by an administrator, 



wherein when said computer or said storage 
device is connected to said interface: 

in accordance with information of first and 
second identifiers of said computer or said storage 
device acquired via said interface from said computer 
or said storage device connected, information of a 
correspondence relation possessed by said switch 
between said second identifier of said computer or said 
storage device connected to said switch, and a third 
identifier for identifying an interface of said switch 
connected to said computer or said storage device, and 
information regarding said first identifier for 
identifying said computer or said storage device 
constituting a predetermined group entered by said 
administrator via said input interface, said controller 
identifies said third identifier corresponding to said 
computer or said storage device belonging to said 
predetermined group; and 

in response to inputting of information of a 
storage area of said storage device and information 
regarding said first identifier of said computer which 
can use said storage area, from said input interface, 
input information is sent to said storage device to 
instruct security configuration, information of said 
third identifier corresponding to said first identifier 
and information of said predetermined group to which 
said third identifier belongs is derived, a virtual LAN 
corresponding to said predetermined group is 



configured . 

10. A storage device connectable to a switch 

connected to a computer, comprising: 

a controller, an interface connected to said 
switch, an input interface to be used by an 
administrator and a storage area, 

wherein when said computer is connected to 
said switch: 

based on information of first and second 
identifiers of said computer acquired via said 
interface from said computer connected, information of 
a correspondence relation acquired from said switch via 
said interface between said second identifier of said 
computer connected to said switch and a third 
identifier for identifying said interface of said 
switch connected to said computer, and information 
regarding said first identifier for identifying said 
computer constituting a predetermined group entered by 
said administrator via said input interface, said third 
identifier corresponding to said computer belonging to 
said predetermined group is identified; and 

in response to inputting of information of 
said storage area and information regarding said first 
identifier of said computer which can use said storage 
area, from said input interface, security configuration 
is performed, information of said third identifier 
corresponding to said first identifier and information 
of said predetermined group to which said third 
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identifier belongs is derived, and said switch is 
instructed to configure a virtual LAN corresponding to 
said predetermined group. 

11. A management method for managing a storage 

network having a computer, a storage device and a 
switch, comprising the steps of: 

when said computer or said storage device is 
connected to said switch: 

based on information of first and second 
identifiers of said computer or said storage device 
acquired from said computer or said storage device 
connected to said switch, information of a 
correspondence relation acquired from said switch 
between said second identifier of said computer or said 
storage device connected to said switch, and a third 
identifier for identifying an interface of said switch 
connected to said computer or said storage device, and 
information regarding said first identifier for 
identifying said computer and said storage device 
constituting a predetermined group, specifying said 
third identifier corresponding to said computer or said 
storage device belonging to said predetermined group; 
and 

based on information of a storage area of 
said storage device and information regarding said 
first identifier of said computer which can use said 
storage area, performing security configuration by said 
storage device, extracting information of said third 
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identifier corresponding to said first identifier and 
information of said predetermined group to which said 
third identifier belongs, and creating through said 
switch a virtual LAN corresponding to said 
predetermined group . 

12 . A management method for a storage system 
having a storage device, a switch and a computer 
respectively connected by a network, comprising the 
steps of: 

based on an identifier of a storage area of 
said storage device and a first address of said 
computer, performing access control configuration 
relative to the identifier of said storage area for 
said storage device; and converting the first address 
of said computer into a second address, converting the 
second address of said computer into an identifier of a 
port of said switch connected to said computer, and 
adding the identifier of said port to a virtual LAN for 
said switch. 

13. A management method for a storage system 
having a storage device, a switch and a computer 
respectively connected by a network, comprising the 
steps of: 

based on an identifier of a storage area of 
said storage device and a first address of said 
computer, performing access control configuration for 
said computer relative to said storage area by said 
storage device; and 



converting the first address of said computer 
into a second address, converting the second address of 
said computer into an identifier of a port of said 
switch connected to said computer, and adding the 
identifier of said port to a virtual LAN for said 
switch . 



